Solved Multiple iexplore.exe in task manager (a.k.a. is there an echo in here?)

Status
Not open for further replies.
Ok - have not run OTL yet - wasn't quite sure if you wanted to see process explorer results first...

ok to run it?

thanks for helping - you rock.
 

Attachments

  • Procexp.txt
    7.8 KB · Views: 1
It looks like your computer doesn't like Comodo for some reason.
Comodo is consuming a good chunk of your CPU cycles.
Why don't we experiment a little...

Uninstall Comodo, turn Windows firewall on, restart computer and run OTL.
 
quick question: OTL opens as 'Security Tool - protect your PC'?

If so, it ran a scan automatically when I double clicked it, and now it is saying it has found 25 trojans/spyware etc. I do not see any place to enter the red text that you posted.
 
Stop! I'm not sure what you're running....
OTL from my post #23. It downloads OTL.exe
 
*sigh*

I think it's more malware/trojan - I have not done ANYTHING, don't worry. I downloaded OTL from your link directly.

now when I try to open chrome, it says that it is infected and my credit card details are being sent bla bla bla (other rubbish).

I cannot even open task manager now. there are two system tray icons now (new - never there before) and when I scroll over them, they say '522757373'.

doesn't seem as though I can open anything...writing this on my other half's machine now....


seems there is a Security Tools virus?
 
It looks like you got reinfected somehow.
See if you can update and run Malwarebytes.
 
update: I didn't touch a thing on my machine - was typing on here, and I got a BSOD, which says that 'a problem appears to be caused by a file' with something like sysprcmd.sys (went off too quickly to get the full file name). computer logged off and restarted. what should I do? thanks!
 
yes, just making sure it is safe to log in to normal mode first, rather than safe mode? don't want to go making things worse :)

so I can log in normally and try to run malwarebytes? thanks again, sorry this is becoming more of a pain for you.
 
Don't worry about me. You're doing fine.
Start in normal mode and if MBAM gives you any issues, run rKill first (you still should have it on your desktop).
 
can't run either MBAM or rKill - the 'Security Tool' pops up to say those files are infected and the worm is trying to send my credit card details. can't open task manager or anything....
 
Restart in Safe mode.
Run rKill first, then exehelper (you still have it) and then MBAM.
 
ok - thanks (again and again).

MBAM is running now - one infection found so far...it may take a while at the rate it's going, so I may just leave it to run through the night and post the results tomorrow.

do you ever sleep? :)
 
I sleep....LOL

I'll check on you tomorrow.
I'm not 100% sure, but it may be something wrong with that OTL file.
Don't touch it for now.
 
Ha! my luck gets better and better :)

ran MBAM in safe mode and it found two trojans, which were removed (log attached). when I restarted in normal mode, Security Tool was still on there though. what next? (edit: I am set up in safe mode right now, awaiting your guidance)
 

Attachments

  • mbam-log-2010-07-26 (06-50-49).txt
    1.1 KB · Views: 2
sorry for the bump - but just FYI for Broni - I am running an Avira scan in Safe Mode - which will likely run through the night (very slow!)...so if we can touch base tomorrow instead, it might be best :)

thanks again for all of your help!
 
Luckily, there was only one other person on this board affected by the same hacked download.
The issue was fixed last night already, so all safe by now.

What's your situation right now?
I'm home only for a short period of time and I'll be gone for a couple of hours, so let me know what your situation is.
 
The scan has been running for 6.5 hrs and is only 60% done - so it'll probably only be done in another 6 hrs or so (middle of the night for me). I'll post the Avira scan result as soon as I have it tomorrow morning.

Thanks!
 
Sadly I did not have a chance to get on here all day and the scan only finished at lunchtime anyway :)

attached - Avira didn't find anything. Odd?
 

Attachments

  • AVSCAN-20100726-095445-21539B66.LOG
    14.6 KB · Views: 0
That's good news :)

Now, I want you to do a couple of things...

1. Did you?
It looks like your computer doesn't like Comodo for some reason.
Comodo is consuming a good chunk of your CPU cycles.
Why don't we experiment a little...

Uninstall Comodo, turn Windows firewall on, restart computer and run OTL.

2. Restart in normal mode, check for iexplore.exe presence, update MBAM, run "Quick scan" and post the log.

3. The OTL issue was solved that very same night, so it's safe now...

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I really appreciate your help on this - and realize that it is not your issue that my computer is infected, but maybe I am not communicating properly here:

My computer is still infected with the Security Tool virus (I just restarted in Normal Mode and it is doing the same thing).

Just to remind you, here is what happened after you told me to uninstall Comodo, reactivate Windows Firewall and install the OTL file:

1. I uninstalled Comodo
2. I went to activate Windows Firewall but it was already activated (weird - but maybe that's why it was consuming so many cycles?), and restarted my computer
3. I downloaded the (infected) OTL file to my desktop
4. I opened OTL so that I could paste the red text into the Custom Scans box, it opened the Security Tool virus instead
5. I posted on here and you let me know that it was an infected file
6. I restarted in Safe Mode and ran an MBAM scan that took all night (two trojans found and quarantined - log posted)
7. I ran a full Avira scan which took 18hrs and it found nothing
8. I restarted in Normal Mode and the Security Tool virus is still alive and kicking.

Thanks again.
 
OK. First of all, make sure that the old OTL (26KB) file is gone.

Then, I wanted you to update and run Malwarebytes in normal mode. Will it run?

Now, before we run new OTL, let's re-run Combofix. If it won't run in normal mode, run it in safe mode.
 